feat(gh-workflows): add supply chain security scan gate#102
Draft
mateo-di wants to merge 1 commit into
Draft
Conversation
Add automated supply chain security scanning to the upstream sync pipeline, responding to the litellm v1.82.8 PyPI compromise (BerriAI#24512). New workflow (carto-supply-chain-security.yml) with 5 layers: - GuardDog (Datadog/OpenSSF): Semgrep-powered malicious pattern detection - Wheel allowlist audit: only litellm/ and dist-info/ files allowed - GuardDog wheel verify: scan built wheel for malicious code - pip-audit (PyPA): known vulnerability scanning (advisory) - Structural integrity: setup.py guard, dependency source check Additional hardening: - Pin all GitHub Actions in CARTO workflows by commit SHA (prevent tag hijacking) - Add wheel audit step to Dockerfile build (defense-in-depth at build time) - Add supply chain security checklist to upstream sync PR body - Add supply chain scan function to ci_cd/security_scans.sh Co-authored-by: Claude <noreply@anthropic.com>
Collaborator
Author
|
/gemini review |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Summary
Add automated supply chain security scanning to the upstream sync pipeline, responding to the litellm v1.82.8 PyPI compromise (BerriAI/litellm#24512).
Story: sc-543659
What Changed
New: Supply chain security scan workflow
carto-supply-chain-security.yml— runs on every PR tocarto/mainwith 5 security layers:.pthabuse, base64 payloadslitellm/+dist-info/(exact v1.82.8 attack vector)setup.pyintroduction, non-PyPI deps, build hooksHardening: Pin GitHub Actions by SHA
All CARTO workflow files now use commit SHA pinning instead of tag-based pinning (
@v4→@<sha> # v4). This prevents tag hijacking attacks where an attacker replaces a tag with malicious code.Hardening: Dockerfile wheel audit
Added inline wheel allowlist check after
python -m buildin the Dockerfile. Fails the Docker build if unexpected files (e.g.,.pth) are found in the wheel.Updated: Upstream sync PR template
Added a "Supply Chain Security" checklist section to the upstream sync PR body.
Updated:
ci_cd/security_scans.shAdded
run_supply_chain_scans()function with GuardDog scan, wheel audit, and structural integrity checks.Approach: "Allow known good" > "Block known bad"
Instead of hand-rolled grep patterns for specific attack vectors (reactive, whack-a-mole), we use:
litellm/andlitellm-*.dist-info/files allowed (catches any future attack vector, not just.pth)Investigation Results
Our fork is confirmed NOT compromised:
python -m buildin Dockerfile), never from PyPIcarto/mainAI-Generated Code Notice